#==============================================================#
# Default HBA
#==============================================================#
# allow local su with ident"
local   all             postgres                               ident
local   replication     postgres                               ident

# allow local user password access
local   all             all                                    md5

# allow local/intranet replication with password
local   replication     {{ pg_replication_username }}                              md5
host    replication     {{ pg_replication_username }}         127.0.0.1/32         md5
host    all             {{ pg_replication_username }}         10.0.0.0/8           md5
host    all             {{ pg_replication_username }}         172.16.0.0/12        md5
host    all             {{ pg_replication_username }}         192.168.0.0/16       md5
host    replication     {{ pg_replication_username }}         10.0.0.0/8           md5
host    replication     {{ pg_replication_username }}         172.16.0.0/12        md5
host    replication     {{ pg_replication_username }}         192.168.0.0/16       md5

# allow local role monitor with password
local   all             {{ pg_monitor_username }}                          md5
host    all             {{ pg_monitor_username }}      127.0.0.1/32        md5

#==============================================================#
# Extra HBA
#==============================================================#
# add extra hba rules here

{% for hba in pg_hba_rules_extra %}
{% if hba.role == 'common' %}
#  {% if 'title' in hba %}{{ hba.title }}{% endif %}

{% for rule in hba.rules %}
{{ rule }}
{% endfor %}

{% endif %}
{% endfor %}

{% for hba in pg_hba_rules_extra %}
{% if hba.role == pg_role %}
#  {% if 'title' in hba %}{{ hba.title }}{% endif %}

{% for rule in hba.rules %}
{{ rule }}
{% endfor %}
{% endif %}
{% endfor %}


#==============================================================#
# {{ pg_role }} HBA
#==============================================================#
{% for hba in pg_hba_rules %}
{% if hba.role == pg_role %}
{% if 'title' in hba %}# {{ hba.title }}{% endif %}

{% for rule in hba.rules %}
{{ rule }}
{% endfor %}
{% endif %}
{% endfor %}


#==============================================================#
# special HBA for instance marked with 'pg_offline_query = true'
#==============================================================#
{% for hba in pg_hba_rules_extra %}
{% if hba.role == 'offline' and pg_role != 'offline' and pg_offline_query == true %}
#  {% if 'title' in hba %}{{ hba.title }}{% endif %}

{% for rule in hba.rules %}
{{ rule }}
{% endfor %}
{% endif %}
{% endfor %}

{% for hba in pg_hba_rules %}
{% if hba.role == 'offline' and pg_role != 'offline' and pg_offline_query == true %}
#  {% if 'title' in hba %}{{ hba.title }}{% endif %}

{% for rule in hba.rules %}
{{ rule }}
{% endfor %}
{% endif %}
{% endfor %}


#==============================================================#
# Common HBA
#==============================================================#
{% for hba in pg_hba_rules %}
{% if hba.role == 'common' %}
#  {% if 'title' in hba %}{{ hba.title }}{% endif %}

{% for rule in hba.rules %}
{{ rule }}
{% endfor %}

{% endif %}
{% endfor %}




#==============================================================#
# Ad Hoc HBA
#==============================================================#
# manual maintained hba rules
